SSL证书拒绝尝试通过防火墙后的HTTPS访问GitHub

我被困在防火墙后面，所以必须使用HTTPS访问我的GitHub存储库。我在Windows XP上使用cygwin 1.7.7。

我试过把遥控器设置为https://username@github.com/username/ExcelANT.git，但按下输入密码的提示，但输入后没有任何反应。 https://username:<密码>github.com/username/ExcelANT.git和克隆空回购从零开始，但每次它给我同样的错误

错误:SSL证书有问题，请检查CA证书是否正确。细节: SSL例程:SSL3_GET_SERVER_CERTIFICATE:访问https://github.com/username/ExcelANT.git/info/refs时证书验证失败

打开GIT_CURL_VERBOSE=1会给我

* About to connect() to github.com port 443 (#0) * Trying 207.97.227.239... * successfully set certificate verify locations: * CAfile: none CApath: /usr/ssl/certs * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Expire cleared * Closing connection #0 * About to connect() to github.com port 443 (#0) * Trying 207.97.227.239... * successfully set certificate verify locations: * CAfile: none CApath: /usr/ssl/certs * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Expire cleared * Closing connection #0 error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/username/ExcelANT.git/info/refs

fatal: HTTP request failed

这是我的防火墙有问题吗，cygwin还是什么?

我没有在Git配置中设置HTTP代理，但是它是一个ISA服务器，需要NTLM身份验证，不是基本的，所以除非有人知道如何强制Git使用NTLM，否则我就完了。

当前回答

从Github生成访问令牌并保存它，因为它不会再次出现。

git -c http.sslVerify=false clone https://<username>:<token>@github.com/repo.git

or,

git config --global http.sslVerify false
git clone https://github.com/repo.git

2019-07-11 14:53:32

其他回答

我知道最初的问题列出了Cygwin，但这是CentOS的解决方案:

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

来源:http://eric.lubow.org/2011/security/fixing-centos-root-certificate-authority-issues/

2011-11-28 22:54:06

你看时间了吗?

我绝对拒绝让我的git操作变得不安全，在尝试了人们在这里提到的所有东西之后，我突然发现，证书无法通过验证的一个可能原因是日期错误(要么是证书过期日期，要么是本地时钟)。

您可以通过在终端中输入日期轻松地进行检查。在我的情况下(一台新的树莓派)，本地时钟被设置为1970年，所以一个简单的ntpdate -u 0.ubuntu.pool.ntp.org修复了所有问题。对于rPi，我也建议你将以下脚本放在日常cron作业中(例如/etc/cron.daily/ntpdate):

#!/bin/sh
/usr/sbin/ntpdate -u 0.ubuntu.pool.ntp.org 1> /dev/null 2>&1

2015-03-11 03:44:09

如果你只想在github.com上使用Cygwin git客户端，有一种更简单的方法，而不必经历下载、提取、转换和分割证书文件的麻烦。按以下步骤进行(我假设Windows XP与Cygwin和Firefox)

In Firefox, go to the github page (any) click on the github icon on the address bar to display the certificate Click through "more information" -> "display certificate" --> "details" and select each node in the hierarchy beginning with the uppermost one; for each of them click on "Export" and select the PEM format: GTECyberTrustGlobalRoot.pem DigiCertHighAssuranceEVRootCA.pem DigiCertHighAssuranceEVCA-1.pem github.com.pem Save the above files somewhere in your local drive, change the extension to .pem and move them to /usr/ssl/certs in your Cygwin installation (Windows: c:\cygwin\ssl\certs ) (optional) Run c_reshash from the bash.

就是这样。

当然，这只安装一个证书层次结构，你需要的github。当然，您可以将此方法用于任何其他站点，而不需要安装200个您(不一定)信任的站点。

2011-08-06 12:37:14

对于那些使用Msys/MinGW GIT的用户，添加这个

  export GIT_SSL_CAINFO=/mingw32/ssl/certs/ca-bundle.crt

2014-09-22 18:01:34

我在必须管理的协作开发平台上配置Git时遇到了同样的问题。

解决方法:

I've Updated the release of Curl installed on the server. Download the last version on the website Download page of curland follow the installation proceedings Installation proceedings of curl Get back the certificate of the authority which delivers the certificate for the server. Add this certificate to the CAcert file used by curl. On my server it is located in /etc/pki/tls/certs/ca-bundle.crt. Configure git to use this certificate file by editing the .gitconfig file and set the sslcainfo path. sslcainfo= /etc/pki/tls/certs/ca-bundle.crt On the client machine you must get the certificate and configure the .gitconfig file too.

我希望这对你们中的一些人有所帮助。

2013-04-29 09:36:56

SSL证书拒绝尝试通过防火墙后的HTTPS访问GitHub

推荐文章

最新文章

标签